The transferAsset() function in the DEToken.sol contract is intended to transfer RTokens from the DEToken contract to a specified user. However, this function is unreachable: the onlyStabilityPool modifier makes the StabilityPool contract its only authorized caller, and StabilityPool never calls it. As a result, RTokens can become stuck in the contract.
In the DEToken.sol contract, the transferAsset() function is protected by the onlyStabilityPool modifier, which restricts its usage to only the Stability Pool. However, the StabilityPool contract does not invoke this function anywhere in its code, meaning it cannot be called even by the authorized address. This causes the tokens to remain locked in the contract since no external function is available to trigger the transfer of RTokens to the intended users.
The function signature is as follows:
This function is intended to allow the Stability Pool to transfer RTokens to users, but because there is no interaction from the StabilityPool contract, RTokens cannot be transferred as expected.
Because transferAsset() cannot be called, any RTokens within the DEToken contract cannot be distributed to users. This could cause a significant issue for users trying to redeem their tokens or withdraw assets, resulting in financial loss or a breakdown in the expected functionality of the protocol.
Manual code review
The issue could be resolved by ensuring that the Stability Pool contract calls the transferAsset() function when necessary. This could be achieved by adding a call to transferAsset() within the StabilityPool contract or by reviewing the contract’s logic to make sure the intended transfers are properly triggered.
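A static check for this class of bug, as an added example that is not part of the original finding or the audited code base: it lists functions guarded by a caller-restricting modifier and reports those the authorized contract never invokes. The Solidity sources embedded below are constructed samples; the transferAsset() parameters and the mint, deposit and withdraw functions are assumptions.

```python
import re

# Constructed sample sources, not the audited contracts. The transferAsset
# signature and the mint/deposit/withdraw functions are assumptions.
DETOKEN_SRC = """
contract DEToken {
    modifier onlyStabilityPool() { require(msg.sender == stabilityPool); _; }
    function transferAsset(address user, uint256 amount) external onlyStabilityPool {
        rToken.safeTransfer(user, amount);
    }
    function mint(address to, uint256 amount) external onlyStabilityPool {
        _mint(to, amount);
    }
}
"""
STABILITY_POOL_SRC = """
contract StabilityPool {
    function deposit(uint256 amount) external {
        deToken.mint(msg.sender, amount);
    }
    function withdraw(uint256 amount) external {
        // TODO: deToken.transferAsset(msg.sender, amount);
        emit Withdraw(msg.sender, amount);
    }
}
"""

# function <name>(<params>) <visibility and modifiers> { or ;
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")

def strip_comments(src):
    """Drop block and line comments so commented-out calls do not count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def guarded_functions(src, modifier):
    """Names of functions whose header lists `modifier`."""
    return [name for name, _params, header in FUNC_RE.findall(strip_comments(src))
            if re.search(rf"\b{re.escape(modifier)}\b", header)]

def unreachable_guarded(callee_src, caller_src, modifier):
    """Guarded callee functions the sole authorized caller never invokes."""
    caller = strip_comments(caller_src)
    return [f for f in guarded_functions(callee_src, modifier)
            if not re.search(rf"\.\s*{re.escape(f)}\s*\(", caller)]

if __name__ == "__main__":
    print(unreachable_guarded(DETOKEN_SRC, STABILITY_POOL_SRC, "onlyStabilityPool"))
```

The match is a regex heuristic over source text, so calls made through low-level `call` or hand-built selectors are not detected and a hit still needs manual confirmation.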